Cloud Overview
Over the past few years I’ve written a lot about the cloud, and what it means for Europe. Here I want to pull the various articles together into a coherent story. Note, nothing what follows is in any way novel or original. While the facts presented in the articles are pretty inconvenient and in parts depressing, they are not controversial.
To start with, “the cloud” by now is a large catalog of services. This catalog can be likened to IKEA: The cloud has everything. If you want to compete, you need to show up with a lot of stuff. No one is interested in a less complete IKEA. In addition, the services being sold by the hyperscaler cloud-IKEAs are not easy to replicate. Perhaps Airbus or ASML-style hard work. I wrote about this in Taking the Airbus to the IKEA Cloud.
Photo by Alex Machado on Unsplash
There are governments and companies that have concluded that it is no longer possible to do anything IT or computer related without using one of the big three US cloud providers. This conclusion comes from some circular reasoning however. There are indeed software developers that no longer function without US cloud support. And these developers will indeed tell you there is no life outside of Microsoft/Google/AWS. Europe however still has a lot of capacity to build software based on servers instead of on specific cloud services. I outlined this in Cloud Naïve: Europe and the ‘Bijenkorf’ Megascaler.
Many organizations have over the years outsourced a lot of their IT. Even very information heavy things like banks have decided that IT and computing are not their core competence. They are now realizing they were wrong about this. However, it is very common to first outsource non-core competences, and then not know when to stop. It is extremely difficult to stop doing 80% of what you did while remaining good at the 20% you must retain. If you have no native IT skills left, you end up depending 100% on someone else’s skills, most likely from the cloud. I expand on this hard problem in Your tech or my tech: make up your mind quickly.
We need solutions to Europe’s lack of hyperscalers & total dependency on the US. We often look towards “Europe”, but is is important to know that we can’t just ask “Europe to invest in cloud”, we need to be more specific. Europe is a land mass, it doesn’t “do” anything. I ask for precision in the piece Don’t say ‘Europe Must Invest in XYZ’.
Meanwhile, a lot of oxygen has been used up by GAIA-X, which is not actually an EU project. I wrote Gaia-X is a distraction which should be abandoned, which includes a response from the GAIA-X board. But GAIA-X, and similar projects, are not going to save us.
The cloud luckily is not just one thing. It ranges from renting servers, bandwidth, storage on one end, and outsourcing your entire business communications/processes on the other end. It turns out that in Europe we are actually very good at the server/storage/bandwidth front. There is a lot of nuance. It is entirely possible to base quality (government) services on European clouds. But, you have to want to. In The (European) cloud ladder: from virtual server to MS 365 I expand on what cloud services we do have in Europe, and also define what we don’t have.
In Dear hosters, you are selling wood, not furniture I zoom in specifically on how some European providers of servers should be clear that they are providing great compute and network capacity, but that many customers actually want higher level services.
These differences meanwhile are crucial. Organizations often sign off on “going to the cloud” without realizing this could mean all kinds of things. It could mean sensibly renting compute capacity and getting rid of your own datacenter and servers. But it could also mean making yourself 100% dependent on one specific US supplier, one who then becomes your eternal subcontractor. This could also be fine, but as I wrote “These days under the guise of ‘cloud as a commodity’ we are gluing ourselves to specific suppliers, without realizing that they are not in fact supplying commodity services.”. More in ‘The cloud’ is not just servers. ‘Going to the cloud’ could also mean locking into a forever sub-contractor.
Meanwhile, it is 2025 and war is raging. Yet our IT systems are brittle and fall over all the time, even without having to deal with nation state attackers. In Cyber Security: A Pre-War Reality Check I wrote about the dire state of our systems. Basing your national security, hospitals, safety on cloud providers on other continents, while waging a trade war, may not be the wisest idea.
We sometimes hear that the hyperscalers are so far ahead of us it is pointless to compete. If the cloud were something like chemicals, where the only thing that matters is price, this would be true. However, the cloud is not a chemical factory, as I wrote in this Dutch piece De cloud is geen paracetamolfabriek. It turns out you don’t have to be the very cheapest to compete. And in fact, the hyperscaler clouds are incredibly expensive.
Meanwhile, governments are moving to the US cloud at a rapid clip. In Europe we now absolutely rely on the availability of US services to get anything done. If Trump were to sanction one of our governments, we’d lose access to the “beautiful US clouds”, and nothing would work anymore. In addition, the US can now read all our government/court/tax documents. Finally, if the US cloud somehow stumbles, perhaps because it is attacked by Russia, we’ll have to patiently wait for the US to repair their cloud. We can’t do anything about that ourselves. In the piece How sovereign do you want to be? I wonder if this is all a good idea (no).
Meanwhile, the US situation means that the EU-US privacy framework is near death. Part of this framework is the a special committee within the US government that is supposed to monitor this framework. As one of his first moves, Trump dismantled this committee. In the Dutch piece Is het legaal om persoonsgegevens op servers van Amerikanen te zetten? (with many links to English language documents), I discuss how depending on this near-deceased framework will lead to foreseeably illegal situations.
To get us out of our painful dependencies, it is often suggested to “go open source”. While open source software is inevitably going to be part of the solution, software is still software. That the software is free and comes with a lot of freedom does not mean it will work well for your office situation. You still need classic IT operations, as outlined in the piece Open Source on its own is no alternative to Big Tech. Crucially, if you “just try some open source”, your experiment will fail, to the delight of incumbent software giants.
A piece in Dutch mostly on the Dutch government’s total planned reliance on Microsoft email and communication services. Contains links to documents where the Dutch government confirms that the US will be able to read all our documents. This apparently is an acceptable risk. The article De toestand van de cloud en de overheid has this, plus some highly nostalgic WordPerfect screenshots for those of a certain age.
People in the Microsoft ecosystem will often say that you can use “Double Key Encryption” or special EU-only servers to protect yourself from the US government. Microsoft itself is a lot more careful about this, since they know it is not true. In the article “Servers in de EU, eigen (dubbele) sleutels: helpt het?” I outline in Dutch how the location of your servers makes no practical difference, and how even Microsoft says that the double key encryption is impractical except for very limited numbers of documents, perhaps 5%. Translation works well on this article, and at the end you’ll find some references documents in English.
Europe is now on the path to having all its government communications flow through US-operated servers, falling under US spying legislation. We are also at risk of sanctions, where the US can cut off our use of those servers with a single letter. This got me all hot and bothered, and I suggested this is not acceptable, and we should build at least a backup communication solution for our vital services, like governments and hospitals: Communications without Musk and Trump: Cloud Kootwijk. This piece got a lot of attention in The Netherlands and led to the passing (and accepting) of a parliamentary motion to create such a backup solution. I was also invited to a Dutch parliamentary hearing to talk about this.
Since “the events since January 20th”, as the second Trump presidency has been called, it has become clear it would be EXCEPTIONALLY unwise to make ourselves completely dependent on US services. Trump is entirely transactional. If you depend on the US more than the other way around, he’ll shake you down. We must not allow a situation where we can’t operate our defense, hospitals, tax systems and banks only if Trump likes us. I wrote about this in It is no longer safe to move our governments and societies to US clouds.
We need to get more cloud options and from more countries, not just the US. This will require industrial policy. The free market has not magically delivered us sovereignty, and is not about to do so either. Any new non-US initiative will at first not be as powerful or as easy to use as the incumbent clouds. In But how to get to that European cloud? I wrote on a plausible path forward.
This piece resonated very well, but people asked for more detail on who exactly should do what. These are reasonable questions. Many things have been attempted already, and there are many pitfalls along the way to a non-US cloud that people would want to do business with. This requires both great technology but also incentives. Not many people are going to use a non-US cloud just because it has a lovely EU flag on it. In A coherent European/non-US cloud strategy: building railroads for the cloud economy I present a strategy that is concrete enough that you can disagree with it. It talks about technical, legal and business strategies. Crucially, a lot of the suggestions are good ideas anyhow, even if not everything works out.